In Facebook ad-accounts, one can add other facebook accounts to create/view/manage campaigns. So a account "A" can have multiple ad-accounts under him. Though he is not admin of these accounts. The only extra privilege that admin of any ad-account has is I guess just to be able to view and edit Credit Card info.
Now the adaccount "A" has authorized my app with ads_management, ads_read permission. But using A's access_token I am not able to fetch campaigns of ad-accounts which are managed by A since A is not admin of these account. Which I think is wrong, since A is able to manage ads through Dashboard, using A's token I should be able to fetch campaigns through API as well.
I get following error:
{ "error": {
"message": "(#10) You do not have sufficient permissions to perform this action",
"type": "OAuthException",
"code": 10 } }
Can someone tell me If I am doing something wrong or is there any other way in which I can fetch campaigns of adaccount. I cannot make my user to login with each adaccount into my app. The user would login only with the one account he uses to manage all his other brand accounts.
Given the generic nature of the permissions error, this is not the one answer for everyone, but after wasting a significant amount of time on this, it turned out the problem (for me) was this:
I had been added correctly as an Ad Account Advertiser
I had not been added to the relevant Account Groups
When the second point was addressed, I no longer encountered the OAuthException: (#10) You do not have sufficient permissions to perform this action error. For reference, the Account Groups section is currently accessible via "Settings" in the Ad Manager left sidebar and is located under the "Ad Account Roles" section of the Settings page.
Facebook permissions revolve around users, not accounts. A user is given access to manage a set of adaccounts.
The adaccounts they are able to manage can be found by making a request to me/adaccounts on the graph. If you do not see the adaccount within this set, then the user does not have access.
Additionally, users have roles. The roles are as follows and can be read from the users connection on adaccount:
Level 1001, administrator access
Level 1002, general-user access
Level 1003, reports-only access
If the user has the role reports-only access the will not be able to read everything about an ad account.
Just ran into this issue myself.
The issue was that we couldn't add users as "Ad Account Admins" from the standard ad account interface.
Once we "claimed" the ad account using from the new business.facebook.com site the option to add a user as an Admin was available.
The option is under "Settings > Ad Accounts" at https://business.facebook.com
My account is admin of Ad Account but it cannot execute API: GetAdsUser() and GetCampaigns().
AdAccount adAccount = new AdAccount("act_{add-account-id}");
var adUsers = adAccount.GetAdUsers();
var campains = adAccount.GetCampaigns();
It throw an exception:(#10) You do not have sufficient permissions to perform this action.
What's happen with my account or my facebook application?
Related
We are having issues enabling our customers to authenticate their page-backed instagram ad account credentials in order to manage ads in our app. We are stumped trying to figure out what's going wrong, as the authentication works for some customers but not for others.
In the error we receive from Facebook, it says that they don't have the right CREATE_ADS permissions. But in the cases where it's not working, we have verified that the user attempting to authenticate is a Facebook page admin (for the page backing the instagram account) and is an ad account admin.
Is there another type of permission the user needs to have? And/or anything else we need to be validating for a user here?
This is not clearly specified by Facebook. I would suggest you to use:
/instagram_accounts and if this doesn't return any result then you should fall back to
/page_backed_instagram_accounts
Also, note that /instagram_accounts works on ad accounts also.
I'm working on a application that post messages on facebook pages using the manage_pages, publish_pages roles.
Now we need to boost some of those post using ads. For that reason, we also ask for the ads_management, read_ads roles.
With these roles and the marketing api, we thought that we will be available to create an ad for the page post (with the access token of the page) and using an ad account linked to the app, not to the page (the ad is a reward for posting, so it will be payed by the app).
In our first POC, we get authorization errors when using the access token of the page and the ad account of the app. And this is logic for me: an app cannot allow a page token to use the money on an ad account that does not belong to him/them!
Ok. We changed of approach. Now we use a user token from someone of our organization that have access to the the ad account. Now the marketing api is allowing us to manipulate the account, but this user cannot create ads for the posts of the managed pages because it does not have the Advertiser role on each of those pages!
I think that the problem is that the marketing api does not use application level roles but user roles only ... I'm right?
I'm saying this because our application has all the roles that we need, but of course, our staff don't (facebook users authorize apps, not people from the app's organization).
So, there is a way to use the facebook marketing api using an app that can post and manage ads for that page but that use an ad account that is not related to the page?
The page, for which you want to run ads, will have to add the Ad Account (or respective User account that has access to the Ad Account) as an advertiser to the page. That way, you app will be able to create ads for those pages. Can you confirm that works?
My goal is to add third party Ad Account IDs I need to access using the reportstats and insights APIs. (My developer account is at 'Basic' access so this is still a requirement.) I can see this being set in two places and I don't know what the difference is between them.
Here I can add the Ad Account Ids directly to the 'Authorised Ad Account IDs' input field:
But if I click on the "Ads API" button in the pop up I can also add Ad Account IDs, and these two places do not seem to be in sync with each other.
Those are for different purposes
The first screenshot, with the 'Authorized Ad Account IDs' field designates advertising accounts that you want to be able to run ads promoting your Facebook app - a user who isn't an admin or developer of your app will be able to create ads about your app if they do so in one of those accounts
The second screenshot is specific to apps which themselves access ad accounts via the Marketing API - for apps with 'Development' or 'Basic' access to the Marketing API you may only access a limited set of accounts, and this UI is where you specify which accounts you want to manage (otherwise any single user of your app could have so many accounts that they push you over the limit)
My web app authenticates the user and retrieves her advertising accounts with her user token:
/me?fields=id,name,adaccounts
After I received the ad account ids I am trying retrieve the adgroups for one of them:
/act_xxxxxxxxxxxxxxx/adgroups
but I am getting an error:
(#10) You do not have sufficient permissions to perform this action'
My user has a GENERAL_USER role for this ad account. Is this user role sufficient for this API call? I cannot seem to find this in the official documentation. Any help here would be much appreciated!
I'm trying to query the Facebook Ads API with the Graph Api Explorer. I have two Ads Account connected to me (if i query /me/adaccounts/ I see both) one is my own and the other one I'm only admin on but not owner.
The Problem is with the one I'm not the owner. If I query my Adaccount with /act_<ACT_ID/stats I get a normal response with the stats back if I query the other account i get:
(#273) This Ads API call requires the user to be admin of the ad account. User <MY_USER_ID> not admin on ad account <ACT_ID>.",
I can see both Adaccounts normal in the Facebook Adsmanager.
What I have done to get the response is:
Create an Facebook App
Added the Adaccount under developer.facebook.com -> myApp -> settings -> advanced -> advertising accounts -> Ads API. Account
open GraphExplorer (https://developers.facebook.com/tools/explorer/)
select my created App
get AccessToken (ads_management, ads_read)
go to url me/adaccounts/
if i click on my adaccount it works if i click on the other i get the #273 error
I don't see what I'm doing wrong if someone could point me in the right direction I would be gratefull.
This may be due to your ad account is inactive or in a bad standing. Additionally if your access level of your ad account is in development level these types of errors may occur. please go through what's mentioned on the doc here
If you upgrade your account to basic or standard access levels this will be solved.
On development access level only end to end workflows are suggested. The following text is extracted from facebook documentation.
The development access level is designed for development purposes and is ideal for people who are just starting to build out their tool. In this level, you would not yet have customers using your tool. This level is open to all developers, and is intended to build out end-to-end workflows on the API before you get full permissions.
A similar issue has been reported on facebook bug reports. you can see the thread here
As #Igy stated it in a comment: "a user has to be the admin of both the ad account and the app (and not just an advertiser or have some other role on the ad account)".
There is 2 places to check that:
the app's roles page, https://developers.facebook.com/apps/[APP_ID]/roles/
the account's peoples page, https://business.facebook.com/settings/people/
Once the user is admin on both side, the API calls will be just fine.
Your business manager doesn't have admin rights. Please check the admin rights of the business manager and also add the app in your business manager to get the report stat(https://developers.facebook.com/docs/apps/business-manager#update-business).